AB#72207 Fixed error adding cert to store when CSP was changed by user.

Author: Bob Pokorny

CHANGELOG.md

@@ -1,3 +1,8 @@
+2.6.2
+* Fixed error when attempting to connect to remote computer using UO service account
+* Fixed the creation of a certificate when the Cryptographic Service Provider was changed by the user
+* Updated logic when getting the CSP.  Now supports modern CHG and legacy CAPI APIs.  This will allow the CSP to show in the stores inventory.
+
 2.6.1
 * Documentation updates for the 2.6 release
 * Fix a naming typo in the 2.5 migration SQL script

IISU/ImplementedStoreTypes/WinIIS/Management.cs

@@ -104,6 +104,8 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
                                 // Add Certificate to Cert Store
                                 try
                                 {
+                                    IISBindingInfo bindingInfo = new IISBindingInfo(config.JobProperties);
+
                                     OrchestratorJobStatusJobResult psResult = OrchestratorJobStatusJobResult.Unknown;
                                     string failureMessage = "";
 
@@ -112,9 +114,8 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
                                     _logger.LogTrace($"New thumbprint: {newThumbprint}");
 
                                     // Bind Certificate to IIS Site
-                                    if (newThumbprint != null)
+                                    if (!string.IsNullOrEmpty(newThumbprint))
                                     {
-                                        IISBindingInfo bindingInfo = new IISBindingInfo(config.JobProperties);
                                         _logger.LogTrace("Returned after binding certificate to store");
                                         var results = WinIISBinding.BindCertificate(_psHelper, bindingInfo, newThumbprint, "", _storePath);
                                         if (results != null && results.Count > 0)
@@ -172,6 +173,14 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
                                             FailureMessage = failureMessage
                                         };
                                     }
+                                    else
+                                    {
+                                        complete = new JobResult
+                                        {
+                                            Result = OrchestratorJobStatusJobResult.Failure,
+                                            JobHistoryId = _jobHistoryID,
+                                            FailureMessage = $"No thumbprint was returned.  Unable to bind certificate to site: {bindingInfo.SiteName}."
+                                        };                                    }
                                 }
                                 catch (Exception ex)
                                 {
@@ -183,7 +192,7 @@ public JobResult ProcessJob(ManagementJobConfiguration config)
                                     };
                                 }
 
-                                _logger.LogTrace($"Completed adding and binding the certificate to the store");
+                                _logger.LogTrace($"Exiting the Adding of Certificate process.");
 
                                 break;
                             }

IISU/PSHelper.cs

@@ -185,9 +185,6 @@ private void InitializeRemoteSession()
                 _logger.LogTrace("Initializing WinRM connection");
                 try
                 {
-                    var pw = new NetworkCredential(serverUserName, serverPassword).SecurePassword;
-                    PSCredential myCreds = new PSCredential(serverUserName, pw);
-
                     // Create the PSSessionOption object
                     var sessionOption = new PSSessionOption
                     {
@@ -197,8 +194,16 @@ private void InitializeRemoteSession()
                     PS.AddCommand("New-PSSession")
                     .AddParameter("ComputerName", ClientMachineName)
                     .AddParameter("Port", port)
-                    .AddParameter("Credential", myCreds)
                     .AddParameter("SessionOption", sessionOption);
+
+                    if (!string.IsNullOrEmpty(serverUserName))
+                    {
+                        var pw = new NetworkCredential(serverUserName, serverPassword).SecurePassword;
+                        PSCredential myCreds = new PSCredential(serverUserName, pw);
+
+                        PS.AddParameter("Credential", myCreds);
+                    }
+
                 }
                 catch (Exception)
                 {
@@ -235,20 +240,19 @@ private void InitializeRemoteSession()
 
         private void InitializeLocalSession()
         {
+            _logger.LogTrace("Creating out-of-process Powershell Runspace.");
+            PowerShellProcessInstance psInstance = new PowerShellProcessInstance(new Version(5, 1), null, null, false);
+            Runspace rs = RunspaceFactory.CreateOutOfProcessRunspace(new TypeTable(Array.Empty<string>()), psInstance);
+            rs.Open();
+            PS.Runspace = rs;
+
             _logger.LogTrace("Setting Execution Policy to Unrestricted");
             PS.AddScript("Set-ExecutionPolicy Unrestricted -Scope Process -Force");
             PS.Invoke();  // Ensure the script is invoked and loaded
             CheckErrors();
 
             PS.Commands.Clear();  // Clear commands after loading functions
 
-            // Trying this to get IISAdministration loaded!!
-            PowerShellProcessInstance psInstance = new PowerShellProcessInstance(new Version(5, 1), null, null, false);
-            Runspace rs = RunspaceFactory.CreateOutOfProcessRunspace(new TypeTable(Array.Empty<string>()), psInstance);
-            rs.Open();
-
-            PS.Runspace = rs;
-
             _logger.LogTrace("Setting script file into memory");
             PS.AddScript(". '" + scriptFileLocation + "'");
             PS.Invoke();  // Ensure the script is invoked and loaded